Lucene search
K

18 matches found

Snyk
Snyk
added 2026/06/09 6:32 p.m.6 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in OSSLCRMFENCRYPTEDVALUEdecrypt. An attacker in a MitM position can return a CRMF CertRepMessage whose EncryptedValue carries a symmAlg field with an algorithm OID but no parameters, dereferencing NULL when the...

8.2CVSS7.1AI score0.00349EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/17 9:34 p.m.9 views

Insertion of Sensitive Information Into Sent Data

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the getSinglePublicChatflow handler in chatflows/index.ts. An attacker can retrieve sensitive flow configuration by requesting a public chatflow and...

8.7CVSS5.7AI score0.00421EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/16 9:52 p.m.15 views

Missing Authentication for Critical Function

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the public-chatbotConfig and oauth2-credential/refresh endpoints. An attacker can obtain OAuth 2.0 access tokens for third-party services by retrieving...

10CVSS5.5AI score0.00308EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/16 9:50 p.m.7 views

Server-side Request Forgery (SSRF)

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the getHttpDenyList process in httpSecurity.ts. An attacker can reach internal or otherwise denied HTTP endpoints by supplying requests that rely on the HTTP deny li...

8.3CVSS5.7AI score0.00234EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/06 4:9 p.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the process that parses WWW-Authenticate challenges from an upstream registry. An attacker can obtain upstream credentials by manipulating the bearer realm URL to redirect authentication requests to a...

8.7CVSS5.9AI score0.00274EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/06 4:9 p.m.2 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the process that parses WWW-Authenticate challenges from an upstream registry. An attacker can obtain upstream credentials by manipulating the bearer realm URL to redirect authentication requests to a...

8.7CVSS5.9AI score0.00274EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/24 8:57 p.m.3 views

Memory Allocation with Excessive Size Value

Overview github.com/gofiber/fiber/v3 is an Express inspired web framework written in Go. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the parseAndClearFlashMessages function. An attacker can cause excessive memory allocation by sending a...

8.7CVSS6AI score0.00396EPSS
Exploits1References2
OSV
OSV
added 2026/02/16 3:2 a.m.7 views

CVE-2026-2532 lintsinghua DeepAudit IP Address embedding_config.py server-side request forgery

A vulnerability was detected in lintsinghua DeepAudit up to 3.0.3. This issue affects some unknown processing of the file backend/app/api/v1/endpoints/embeddingconfig.py of the component IP Address Handler. Performing a manipulation results in server-side request forgery. It is possible to initia...

5.3CVSS6.3AI score0.00246EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2017-20165

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability classified as problematic has been found in debug-js debug up to 3.0.x. This affects the function useColors of the file src/node.js. The...

7.5CVSS4.5AI score0.02046EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 6:2 a.m.3 views

CVE-2023-28440

Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout. This has the greatest potential impact in shared hosting environments where admins are untruste...

2.7CVSS6.7AI score0.00688EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:47 a.m.7 views

CVE-2017-20165

A vulnerability classified as problematic has been found in debug-js debug up to 3.0.x. This affects the function useColors of the file src/node.js. The manipulation of the argument str leads to inefficient regular expression complexity. Upgrading to version 3.1.0 is able to address this issue. T...

7.5CVSS6.9AI score0.02046EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2024/06/04 12:44 p.m.3 views

SUSE CVE-2022-24737

HTTPie is a command-line HTTP client. HTTPie has the practical concept of sessions, which help users to persistently store some of the state that belongs to the outgoing requests and incoming responses on the disk for further usage. Before 3.1.0, HTTPie didn't distinguish between cookies and host...

6.5CVSS5.7AI score0.01625EPSS
Exploits1References3
Snyk
Snyk
added 2024/03/15 6:30 p.m.4 views

Arbitrary Code Injection

Overview billz/raspap-webgui is a Simple wireless AP setup and mangement for Debian-based devices. Affected versions of this package are vulnerable to Arbitrary Code Injection in the DisplayProviderConfig function, which is accessible via the $POST'country' in the HTTP POST request handler. A use...

7.2CVSS7.7AI score0.00907EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/10/25 12:0 a.m.7 views

PT-2023-24882 · Itop +1 · Itop +1

Name of the Vulnerable Software and Affected Versions: iTop versions prior to 3.0.4 and 3.1.0 Description: iTop is an open source, web-based IT service management platform. Cross site scripting is possible on pages/UI.php in versions prior to 3.0.4 and 3.1.0. Recommendations: For versions prior t...

9.8CVSS6.9AI score0.25573EPSS
Exploits11References67
Positive Technologies
Positive Technologies
added 2023/07/28 12:0 a.m.5 views

PT-2023-26173 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.0.6 of the stable branch Discourse versions prior to 3.1.0.beta7 of the beta and tests-passed branches Description: Discourse is an open source discussion platform. The issue allows more users than permitted to b...

3.1CVSS3.8AI score0.0024EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2023/06/12 12:0 a.m.8 views

PT-2023-10296 · Cchetanonline · Wp-Copyprotect

Name of the Vulnerable Software and Affected Versions: cchetanonline WP-CopyProtect versions up to 3.0.0 Description: A vulnerability was found in the function CopyProtect options page of the file wp-copyprotect.php. The manipulation of the argument CopyProtect nrc text leads to cross-site...

6.1CVSS6.8AI score0.00473EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/05/11 12:0 a.m.7 views

PT-2022-20195 · Litespeed · Litespeed Quic

Name of the Vulnerable Software and Affected Versions: LiteSpeed QUIC aka LSQUIC versions prior to 3.1.0 Description: The issue arises from the mishandling of MAX TABLE CAPACITY in liblsquic/lsquic qenc hdl.c. No information is provided about the estimated number of potentially affected devices...

9.8CVSS9.2AI score0.03246EPSS
Exploits0References8
OSV
OSV
added 2019/04/26 4:29 p.m.4 views

CVE-2019-0186

The input fields of the Apache Pluto "Chat Room" demo portlet 3.0.0 and 3.0.1 are vulnerable to Cross-Site Scripting XSS attacks. Mitigation: Uninstall the ChatRoomDemo war file - or - migrate to version 3.1.0 of the chat-room-demo war file...

6.1CVSS5.8AI score0.20649EPSS
Exploits5References7
Rows per page
Query Builder